From ba65ea936ffb97ec92bc00bad4b4cba5151ec9cd Mon Sep 17 00:00:00 2001
From: sungil
Date: Wed, 4 Oct 2023 15:48:44 +0000
Subject: [PATCH 1/2] policy: add a decapod app for policies

---
 templates/argo-cd/create-app-wftpl.yaml | 30 +++++++++++++++++++
 templates/argo-cd/prepare-argocd-wftpl.yaml | 6 ++++
 .../decapod-apps/lma-uniformed-wftpl.yaml | 1 -
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/templates/argo-cd/create-app-wftpl.yaml b/templates/argo-cd/create-app-wftpl.yaml
index 4a99cf6..645fe11 100644
--- a/templates/argo-cd/create-app-wftpl.yaml
+++ b/templates/argo-cd/create-app-wftpl.yaml
@@ -101,3 +101,33 @@ spec:
 - {name: namespace, value: "{{item.namespace}}"}
 - {name: target_cluster, value: "{{item.target_cluster}}"}
 withParam: "{{inputs.parameters.list}}"
+
+ - name: argocd-sync-wait
+ inputs:
+ parameters:
+ - name: cluster_id
+ - name: appname
+ container:
+ name: argocd-sync-wait
+ image: harbor.taco-cat.xyz/tks/argocd-cli:v2.2.5
+ command:
+ - /bin/bash
+ - '-c'
+ - |
+ # log into Argo CD server
+ ./argocd login $ARGO_SERVER --plaintext --insecure --username $ARGO_USERNAME \
+ --password $ARGO_PASSWORD
+
+ app_name={{inputs.parameters.cluster_id}}-{{inputs.parameters.appname}}
+
+ # sync app
+ echo "sync app $app_name"
+ ./argocd app sync $app_name
+
+ # wait for sync
+ ./argocd app wait $app_name --sync
+
+ envFrom:
+ - secretRef:
+ name: "decapod-argocd-config"
+ activeDeadlineSeconds: 900
diff --git a/templates/argo-cd/prepare-argocd-wftpl.yaml b/templates/argo-cd/prepare-argocd-wftpl.yaml
index 037008c..b6a6c91 100644
--- a/templates/argo-cd/prepare-argocd-wftpl.yaml
+++ b/templates/argo-cd/prepare-argocd-wftpl.yaml
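Review bot: In the `argocd-sync-wait` template added to create-app-wftpl.yaml, `app_name={{inputs.parameters.cluster_id}}-{{inputs.parameters.appname}}` splices the workflow parameters into the bash text before the shell runs, and `$app_name` is then used unquoted, so a parameter value containing shell metacharacters would be interpreted by the shell in a container that presumably holds the Argo CD credentials from `decapod-argocd-config`. Passing both parameters through `env:` and quoting every use keeps them as data. The script also has no `set -e`, so a failed `argocd login` or `app sync` does not stop the step and the exit status is only that of `app wait`. Separately, `--plaintext --insecure` with `--password` on the command line sends the login without TLS and puts the secret in the process arguments; worth confirming that this is intended for the path to `$ARGO_SERVER`.

```yaml
      container:
        # … unchanged: name, image, command …
          - |
            set -euo pipefail
            # … unchanged: argocd login …
            app_name="${CLUSTER_ID}-${APP_NAME}"
            # … unchanged: echo …
            ./argocd app sync "$app_name"
            ./argocd app wait "$app_name" --sync
        env:
          - name: CLUSTER_ID
            value: "{{inputs.parameters.cluster_id}}"
          - name: APP_NAME
            value: "{{inputs.parameters.appname}}"
        # … unchanged: envFrom, activeDeadlineSeconds …
```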
@@ -86,6 +86,12 @@ spec:
 if [[ $? != 0 ]]; then
 ./argocd proj create admin-tools --dest "*,*" --src "*" --allow-cluster-resource "*/*"
 fi
+
+ ./argocd proj get policy
+ if [[ $? != 0 ]]; then
+ ./argocd proj create policy --dest "*,*" --src "*" --allow-cluster-resource "*/*"
+ fi
+
 env:
 - name: ARGO_SERVER
 value: '{{workflow.parameters.argo_server}}'
diff --git a/templates/decapod-apps/lma-uniformed-wftpl.yaml b/templates/decapod-apps/lma-uniformed-wftpl.yaml
index 22d683c..776da9f 100644
--- a/templates/decapod-apps/lma-uniformed-wftpl.yaml
+++ b/templates/decapod-apps/lma-uniformed-wftpl.yaml
@@ -135,7 +135,6 @@ spec: { "app_group": "lma", "path": "thanos-config", "namespace": "lma", "target_cluster": "" }, { "app_group": "lma", "path": "fluentbit", "namespace": "lma", "target_cluster": "" }, { "app_group": "lma", "path": "kubernetes-event-exporter", "namespace": "lma", "target_cluster": "" } - ] dependencies: [lma-operators]
From ebf21307a41d35874ca3bd7521ec9aa88592eef4 Mon Sep 17 00:00:00 2001
From: sungil
Date: Wed, 24 Apr 2024 06:47:20 +0000
Subject: [PATCH 2/2] opa-exporter: add exporter for opa

---
 templates/decapod-apps/lma-uniformed-wftpl.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/decapod-apps/lma-uniformed-wftpl.yaml b/templates/decapod-apps/lma-uniformed-wftpl.yaml
index 15bbb8e..e91a0af 100644
--- a/templates/decapod-apps/lma-uniformed-wftpl.yaml
+++ b/templates/decapod-apps/lma-uniformed-wftpl.yaml
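Review bot: The `policy` project added in prepare-argocd-wftpl.yaml is created with `--dest "*,*" --src "*" --allow-cluster-resource "*/*"`, which places no restriction on source repository, destination cluster or namespace, or cluster-scoped kinds, so the project boundary gives no isolation for whatever is deployed under it. Since this project presumably carries policy resources, it would be better to scope it, for example `./argocd proj create policy --src "<MANIFEST_REPO_URL>" --dest "<CLUSTER>,<POLICY_NAMESPACE>"` plus only the cluster-scoped kinds the policy app needs (placeholders; the real values are not visible here). The `$? != 0` test also treats any failure of `proj get`, including an auth or network error, as "project missing" and goes on to create it. The surrounding script starts and ends outside the hunk, and the same wildcard pattern is already used for `admin-tools` just above.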
@@ -166,6 +166,7 @@ spec:
 { "app_group": "lma", "path": "prometheus-pushgateway", "namespace": "lma", "target_cluster": "" },
 { "app_group": "lma", "path": "prometheus-node-exporter", "namespace": "lma", "target_cluster": ""},
 { "app_group": "lma", "path": "prometheus-adapter", "namespace": "lma", "target_cluster": "" },
+ { "app_group": "lma", "path": "opa-exporter", "namespace": "lma", "target_cluster": "" },
 { "app_group": "lma", "path": "addons", "namespace": "lma", "target_cluster": "" }
 ]
 dependencies: [prepare-lma-metrics, prepare-lma-etcd]